Enterprise Fraud Management (EFM)

Definition - What does Enterprise Fraud Management (EFM) mean?

Enterprise fraud management (EFM) is the real-time screening of transaction activity across users, accounts, processes and channels, to identify and prevent internal and external fraud in an organization. Enterprise fraud management tools are used to analyze the behavior between related users, related accounts, channels and other entities, to identify unusual behavior that could be a sign of criminal activity, corruption or fraud.

[WEBINAR] Plan for Success: Using Process Models to Achieve Business Goals

Techopedia explains Enterprise Fraud Management (EFM)

An effective EFM solution should address all functions including capturing of comprehensive data, data analysis and investigations. Cross-channel fraud exploiting phone, Web and other channels is a great threat in banking, insurance, health and other sectors. A layered approach is often used to deal with the growing complex and sophisticated internal and external fraud, whose velocity and impact are on the increase. This consists of several layers of protection with real-time detection capabilities, controls and multiple analytical approaches to assess user and account activities at all levels.

The five commonly used layers are:

Layer 1 (endpoint-centric): This layer is used for securing the point of access, and it encompasses device ID, geolocation and authentication, and uses at least a two-factor authentication or the more secure three-factor authentication.
Layer 2 (navigation-centric): This layer involves behavioral analysis, in which the session is monitored, analyzed and compared with expected navigation patterns.
Layer 3 (channel-centric): This layer monitors all the activities of a user or account in a specific channel. It compares the behavior against configured models and rules per individual channel and may also update the account or user profiles including those of the peer groups.
Layer 4 (cross-channel-centric): This layer monitors entity behavior across multiple channels and products. Using a cross-channel approach, it looks for suspect account or user behavior, looks across products and channels, and correlates activities and alerts for each entity, account or user.
Layer 5 (entity link analysis): This layer analyzes the relationships and activities between related entities and their attributes. These may include external or internal users, machines or accounts sharing demographic data or transactions.

In addition to deploying the advanced technologies, an effective EFM requires knowledgeable staff to manage and deal with the systems and to configure rules and alerts and models to rely on. Organizations should have established processes and policies balancing usability, convenience and security.